A suite of utilities and libraries for analyzing binary programs, supporting multiple architectures and offering symbolic execution.
Binary Analysis Platform (BAP) is a comprehensive framework for binary program analysis developed at Carnegie Mellon University. It enables disassembly, lifting, and analysis of binaries across multiple architectures like x86, ARM, and MIPS, providing tools for symbolic execution, microexecution, and custom analysis implementations. The platform solves the problem of analyzing binary programs without source code, supporting both out-of-the-box utilities and deep customization for specialized research or security tasks.
BAP is aimed at security researchers, reverse engineers, and academic researchers working on binary analysis, vulnerability discovery, or program verification. It is also suitable for developers building custom analysis tools or integrating binary analysis capabilities into larger applications.
Developers choose BAP for its extensible plugin architecture, multi-architecture support, and the Primus Lisp DSL for writing analyses. Its unique selling point is bridging academic research with practical binary analysis, offering both a ready-to-use framework and the flexibility to embed it as a library in OCaml, C, or Python applications.
Binary Analysis Platform
Supports x86, ARM, MIPS, PowerPC, and more via extensible plugins, enabling analysis across diverse binaries in a single framework.
Allows custom analyses via OCaml or Python plugins without recompiling the core, as shown in the tutorial for writing and installing plugins.
Provides a domain-specific language for writing analyses, modeling functions, and interfacing with SMT solvers, enhancing flexibility for research tasks.
Offers an OCaml toplevel for interactive exploration and scripting, useful for debugging and rapid prototyping within the BAP environment.
Installation from sources requires opam and specific OCaml versions; the README notes potential system dependency issues and recommends asking for help in the chat.
The platform is vast with its own DSL and binary analysis concepts; the learning section admits it's 'easy to get lost' and relies on community support.
Primarily command-line driven with few pre-built utilities for common tasks, focusing more on customization than ready-to-use analyses.
Ghidra is a software reverse engineering (SRE) framework
.NET debugger and assembly editor
Firmware Analysis Tool
Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.